Latest CVE Feed
- 8.6 HIGH
- Published: Sep. 06, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-3769
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if th...
Affected Products: oh_my_zsh
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-3768
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Affected Products: bookstack
- Published: Sep. 06, 2021
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2021-3767
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Affected Products: bookstack
- Published: Sep. 06, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3766
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Affected Products: objection
- Published: Sep. 06, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3765
validator.js is vulnerable to Inefficient Regular Expression Complexity...
Affected Products: validator
- Published: Nov. 02, 2021
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system avail...
Affected Products: linux_kernel
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-3763
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact...
Affected Products: amq_broker
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for r...
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-3761
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflar...
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-3760
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
Affected Products: linux_kernel fedora debian_linux h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s +9 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-3759
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a den...
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-3758
bookstack is vulnerable to Server-Side Request Forgery (SSRF)...
Affected Products: bookstack
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3757
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Affected Products: immer
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3756
libmysofa is vulnerable to Heap-based Buffer Overflow...
- Published: Oct. 29, 2021
- Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
- Published: Aug. 26, 2022
- Modified: Nov. 21, 2024
- 4.7 MEDIUM CVE-2021-3753
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock in vt_ioctl (KDSETMDE). The highest threat from this vulnerabil...
Affected Products: linux_kernel enterprise_linux active_iq_unified_manager h410c_firmware hci_management_node solidfire element_software h300s_firmware h500s_firmware h700s_firmware +8 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
- 7.9 HIGH CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The high...
Affected Products: linux_kernel enterprise_linux fedora debian_linux h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware virtualization_host +17 more products
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
- 8.2 HIGH CVE-2021-3750
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and tri...
- Published: May. 02, 2022
- Modified: Nov. 21, 2024